https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&feed=atom&action=history
ASL Configuration - Revision history
2024-03-29T09:52:51Z
Revision history for this page on the wiki
MediaWiki 1.20.2

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=6028&oldid=prev
Mshinn: /* RESTART_APACHE */
2020-05-23T23:23:32Z
<p><span dir="auto"><span class="autocomment">RESTART_APACHE</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:23, 23 May 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 203:</td>
<td colspan="2" class="diff-lineno">Line 203:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>No:  Do not restart apache.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>No:  Do not restart apache.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Note:  If you set this to "No", updates that require apache restarts will not be applied, such as new WAF rules.  If you set this to "No" you will need to schedule regular restart intervals to install the latest rules.  Only the latest rules are supported with the WAF.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">'''</ins>Note:  If you set this to "No", updates that require apache restarts will not be applied, such as new WAF rules.  If you set this to "No" you will need to schedule regular restart intervals to install the latest rules.  Only the latest rules are supported with the WAF.<ins class="diffchange diffchange-inline">'''</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Kernel Channel ====</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Kernel Channel ====</div></td></tr>
</table>
Author: Mshinn

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5974&oldid=prev
Ben: /* Plesk Update policy */
2019-01-15T20:17:27Z
<p><span dir="auto"><span class="autocomment">Plesk Update policy</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:17, 15 January 2019</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1,160:</td>
<td colspan="2" class="diff-lineno">Line 1,160:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>FW_PLESK_UPDATES: Enable/Disable Plesk keyserver update firewall policy. Default:[no]</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>FW_PLESK_UPDATES: Enable/Disable Plesk keyserver update firewall policy. Default:[no]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">This setting allows the plesk update process to bypass any firewall rules you may add to the system.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== PSA_DISABLE_CRONTAB ====</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== PSA_DISABLE_CRONTAB ====</div></td></tr>
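Review bot: the added sentence "This setting allows the plesk update process to bypass any firewall rules you may add to the system." reads as a blanket firewall exemption; state the scope of what is exempted (the line above calls this the Plesk keyserver update policy, so presumably only that update traffic is let through) and say plainly that the setting should stay at its default of "no" unless Plesk updates are actually being blocked, so an operator understands what they are opening before switching it on. The first added line is an empty insertion and can be dropped, or the explanation moved up so it sits directly under the FW_PLESK_UPDATES description line.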
</table>
Author: Ben

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5972&oldid=prev
Jgodwin: /* Post Installation Configuration */
2018-11-15T23:19:03Z
<p><span dir="auto"><span class="autocomment">Post Installation Configuration</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 23:19, 15 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 47:</td>
<td colspan="2" class="diff-lineno">Line 47:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is the password ASL will use to download updates.  This should be the same password you use to log into the License Manager.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This is the password ASL will use to download updates.  This should be the same password you use to log into the License Manager.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>===<del class="diffchange diffchange-inline">= ASL_DB_RETENTION =</del>===</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>=== <ins class="diffchange diffchange-inline">Data Retention Policies </ins>===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">''Version 4:''</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Data retention policies control the automated clean up of file and database storage used by ASL, ossec, and mod_security.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">This value is used only </del>for the <del class="diffchange diffchange-inline">purpose of keeping </del>the <del class="diffchange diffchange-inline">incoming </del>alert <del class="diffchange diffchange-inline">table clean</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== RETENTION_USE_CONSOLIDATED ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">Selecting yes </ins>for <ins class="diffchange diffchange-inline">this setting will apply </ins>the <ins class="diffchange diffchange-inline">retention period specified by RETENTION_CONSOLIDATED to events and archive tables in </ins>the <ins class="diffchange diffchange-inline">database, file backups generated by ASL, mod_security </ins>alert <ins class="diffchange diffchange-inline">files, diff files created by ossec, and malware scan reports</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">If ASL_DB_ARCHIVE is set to "yes", archived events will </del>be <del class="diffchange diffchange-inline">searchable via the Events Search window, or accessible via any event links found elsewhere in ASL Web (such as the Blocklist window), even after they have been removed from the incoming alert table</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== RETENTION_CONSOLIDATED ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">A value and unit of measure indicating how long data should </ins>be <ins class="diffchange diffchange-inline">retained</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">ex: "3 months"</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">ex: "1 years"</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">ex: "24 days"</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">==== DB_USE_ARCHIVE ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">If set to no, no monthly archive tables of event data will be created by ASL.  If set to yes, the tables will be created and kept based on retention settings.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">''Version 3</del>.<del class="diffchange diffchange-inline">x:''</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== DB_ARCHIVE_PERIOD ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">A value and unit of measure indicating how long tables should be retained</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">Period alert data is considered to be live before being moved into an archive table.  Once this limit is reached, ASL will move the events into the database archive table.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">ex: "3 months"</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">ex: "1 years"</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">ex: "24 days"</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">The format for this field is an integer follow </del>by <del class="diffchange diffchange-inline">"days" "weeks" "months" or "years".  For example</del>, <del class="diffchange diffchange-inline">if you want </del>to <del class="diffchange diffchange-inline">archive events after 3 months, you would change this field to:</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== RETENTION_MAX_RBC_COUNT ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">This setting indicates the maximum number of file backups created </ins>by <ins class="diffchange diffchange-inline">ASL that will be kept at any given time</ins>, <ins class="diffchange diffchange-inline">without regard </ins>to <ins class="diffchange diffchange-inline">time based retention settings.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">3 months</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== HIDS_CLEAN_DIFF ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">If consolidated settings are not being used, this value will determine the number of days that ossec's diff files will be kept.  The default value is 60.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">The </del>default <del class="diffchange diffchange-inline">is 7 days</del>.  <del class="diffchange diffchange-inline">After 7 days, events do not show up in the security events window or in searches</del>. <del class="diffchange diffchange-inline"> If you have ASL_DB_ARCHIVE set to "yes" old records are archived in mysql (but do not show up in the security events window or searches)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== HIDS_ARCHIVE_ALL ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">By </ins>default <ins class="diffchange diffchange-inline">ASL only retains alert logs, enabling this will archive all logs</ins>.  <ins class="diffchange diffchange-inline">Please note this can use considerable disk space</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">This </del>value <del class="diffchange diffchange-inline">is ignored if ASL_DB_ARCHIVE is set </del>to <del class="diffchange diffchange-inline">"no" below</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">==== MODSEC_CLEAN_ALERT ====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">If consolidated settings are not being used, this </ins>value <ins class="diffchange diffchange-inline">will determine the number of days </ins>to <ins class="diffchange diffchange-inline">retain mod_security alert files.  The default value is 14</ins>.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>==== <del class="diffchange diffchange-inline">ASL_DB_ARCHIVE </del>====</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>==== <ins class="diffchange diffchange-inline">PURGE_LOGS </ins>====</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">If consolidated settings are being used, they will not override this setting.  </ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">ASL </del>will <del class="diffchange diffchange-inline">store old data in monthly archive table if this is set to 'yes', </del>or <del class="diffchange diffchange-inline">simply delete past retention data if it is set to 'no' once </del>the <del class="diffchange diffchange-inline">ASL_DB_RETENTION period is reached for the data.</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">This setting determines the number of days that ossec's alert files </ins>will <ins class="diffchange diffchange-inline">be kept.  A value of "no" </ins>or <ins class="diffchange diffchange-inline">"-1" will retain </ins>the <ins class="diffchange diffchange-inline">files indefinitely</ins>.  <ins class="diffchange diffchange-inline">The default value is -1</ins>.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">=== Data Paths ===</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">==== PATH_RSS ====</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">URL to the Atomicorp Security Bulletins RSS feed</del>.  <del class="diffchange diffchange-inline">You shouldnt change this unless told to do so by Atomicorp support personnel</del>.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== General Settings ===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>=== General Settings ===</div></td></tr>
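Review bot: the rewrite drops the format specification the old text carried ("an integer followed by "days" "weeks" "months" or "years"") and leaves only examples for both RETENTION_CONSOLIDATED and DB_ARCHIVE_PERIOD; restore one sentence naming the accepted units, and check the example "1 years", which is either a typo for "1 year" or should be marked as the literal form the parser expects. The section also removes ASL_DB_RETENTION, ASL_DB_ARCHIVE and the Data Paths / PATH_RSS subsection without saying whether they were renamed (DB_ARCHIVE_PERIOD and DB_USE_ARCHIVE look like the replacements) or dropped; a short old-name to new-name mapping would help anyone upgrading an existing configuration. Finally, HIDS_CLEAN_DIFF, MODSEC_CLEAN_ALERT and PURGE_LOGS give their defaults (60, 14 and -1) but RETENTION_USE_CONSOLIDATED, RETENTION_CONSOLIDATED, DB_USE_ARCHIVE, DB_ARCHIVE_PERIOD and RETENTION_MAX_RBC_COUNT do not; state each default so an operator can tell how long event data, backups and scan reports are kept out of the box.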
</table>
Author: Jgodwin

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5971&oldid=prev
Mshinn: /* OSSEC_MAX_MSG */
2018-11-01T21:58:04Z
<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:58, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 584:</td>
<td colspan="2" class="diff-lineno">Line 584:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Maximum number of email messages OSSEC will send per hour. Multiple alerts will be sent in digest mode (a single email) once per hour if the value is set to 1.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Maximum number of email messages OSSEC will send per hour. Multiple alerts will be sent in digest mode (a single email) once per hour if the value is set to 1.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>To receive emails more frequently, you must increase the value <del class="diffchange diffchange-inline">in /var/ossec/etc/ossec.conf under global settings. Change the value located in the </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>To receive emails more frequently, you must increase the value between 1 and 9999. <ins class="diffchange diffchange-inline"> </ins>If you use a value outside of this range, the maild service will fail and you will not receive email alerts.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"><email_maxperhour></email_maxperhour> line. The value must be a positive integer </del>between 1 and 9999.If you use a value outside of this range,  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>the maild service will fail and you will not receive email alerts.  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">After updating the value, please run the command(s) below so that the change takes effect:</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">service ossec-hids restart or systemctl daemon-reload  (Centos 7, RedHat7) </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div> </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Database Settings ====</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Database Settings ====</div></td></tr>
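Review bot: the rewrite deletes "After updating the value, please run the command(s) below so that the change takes effect:" together with the restart commands, so the reader is no longer told that OSSEC must be restarted (or that ASL restarts it) before a new OSSEC_MAX_MSG value is honoured; either restore a restart sentence or state explicitly that the ASL configuration tool applies the change itself. The new wording "you must increase the value between 1 and 9999" also lost the "positive integer" qualifier from the removed line; suggest "you must set the value to a positive integer between 1 and 9999". The deleted pointer to the <email_maxperhour> element in /var/ossec/etc/ossec.conf is still useful for anyone verifying that the change landed, and could be kept as a one-line reference.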
</table>
Author: Mshinn

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5970&oldid=prev
Ben: /* OSSEC_MAX_MSG */
2018-11-01T18:07:02Z
<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:07, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 591:</td>
<td colspan="2" class="diff-lineno">Line 591:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>service ossec-hids restart or systemctl daemon-reload  (Centos 7, RedHat7)  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>service ossec-hids restart or systemctl daemon-reload  (Centos 7, RedHat7)  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td></tr>
</table>
Author: Ben

https://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5969&oldid=prev
Ben: /* OSSEC_MAX_MSG */
2018-11-01T18:06:41Z
<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:06, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 590:</td>
<td colspan="2" class="diff-lineno">Line 590:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>After updating the value, please run the command(s) below so that the change takes effect:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>After updating the value, please run the command(s) below so that the change takes effect:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>service ossec-hids restart <del class="diffchange diffchange-inline">  </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>service ossec-hids restart or systemctl daemon-reload  (Centos 7, RedHat7)  </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>or</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>systemctl daemon-reload  (Centos 7, RedHat7)  </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
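Review bot: the merged line at Line 590, `service ossec-hids restart or systemctl daemon-reload  (Centos 7, RedHat7)`, still offers `systemctl daemon-reload` as an alternative to restarting the service, but `daemon-reload` only re-reads systemd unit files and leaves the running ossec-hids process untouched, so the updated value would not take effect on a host where only that command is run. Suggest `systemctl restart ossec-hids` as the systemd-side command, keep the two commands on separate lines so the `(Centos 7, RedHat7)` label visibly applies to both, and drop the trailing whitespace that this edit leaves on the line.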
</table>Benhttps://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5968&oldid=prevBen: /* OSSEC_MAX_MSG */2018-11-01T18:06:12Z<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:06, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 590:</td>
<td colspan="2" class="diff-lineno">Line 590:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>After updating the value, please run the command(s) below so that the change takes effect:</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>After updating the value, please run the command(s) below so that the change takes effect:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>service ossec-hids restart (Centos 7, RedHat7) <del class="diffchange diffchange-inline">or  </del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>service ossec-hids restart <ins class="diffchange diffchange-inline">  </ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">systemctl daemon-reload</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">or</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">systemctl daemon-reload  </ins>(Centos 7, RedHat7)  </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td></tr>
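Review bot: moving `(Centos 7, RedHat7)` off the `service ossec-hids restart` line and onto the new `systemctl daemon-reload` line leaves the restart command without a platform label while the `chkconfig ossec-hids <on|off>` context line below is still marked `(Centos 6, RedHat 6)`, so a reader cannot tell which platform the first command is for. Suggest keeping the label on the restart line (or stating that `service ossec-hids restart` applies on both platforms) and, since `daemon-reload` does not restart the daemon, replacing it with `systemctl restart ossec-hids (Centos 7, RedHat7)`.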
</table>Benhttps://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5967&oldid=prevBen: /* OSSEC_MAX_MSG */2018-11-01T18:05:15Z<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:05, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 588:</td>
<td colspan="2" class="diff-lineno">Line 588:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>the maild service will fail and you will not receive email alerts.  </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>the maild service will fail and you will not receive email alerts.  </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>After updating the value, please run:</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>After updating the value, please run <ins class="diffchange diffchange-inline">the command(s) below so that the change takes effect</ins>:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>service ossec-hids restart (Centos 7, RedHat7)</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>service ossec-hids restart (Centos 7, RedHat7) <ins class="diffchange diffchange-inline">or  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">systemctl daemon-reload</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</div></td></tr>
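Review bot: the added `or systemctl daemon-reload` at Line 588 is not equivalent to `service ossec-hids restart`: `daemon-reload` tells systemd to re-read its unit files and does not stop or start ossec-hids, so on its own it will not make the edited value take effect as the preceding sentence promises. The systemd counterpart that actually restarts the daemon is `systemctl restart ossec-hids`. The trailing `or  ` left at the end of the existing line also reads oddly in wikitext; putting the alternative on its own line with its own platform label would be clearer.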
</table>Benhttps://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5966&oldid=prevBen: /* OSSEC_MAX_MSG */2018-11-01T18:03:32Z<p><span dir="auto"><span class="autocomment">OSSEC_MAX_MSG</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:03, 1 November 2018</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 583:</td>
<td colspan="2" class="diff-lineno">Line 583:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Max messages per hour'''</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>'''Max messages per hour'''</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>Maximum number of email messages OSSEC will send per hour. Multiple alerts will be sent in digest mode (a single email). <del class="diffchange diffchange-inline">Setting </del>this <del class="diffchange diffchange-inline">to 0 </del>will <del class="diffchange diffchange-inline">disable digest mode</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>Maximum number of email messages OSSEC will send per hour. Multiple alerts will be sent in digest mode (a single email) <ins class="diffchange diffchange-inline">once per hour if the value is set to 1</ins>.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">To receive emails more frequently, you must increase the value in /var/ossec/etc/ossec.conf under global settings. Change the value located in the </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"><email_maxperhour></email_maxperhour> line. The value must be a positive integer between 1 and 9999.If you use a value outside of </ins>this <ins class="diffchange diffchange-inline">range, </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">the maild service </ins>will <ins class="diffchange diffchange-inline">fail and you will not receive email alerts. </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">After updating the value, please run:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">service ossec-hids restart (Centos 7, RedHat7)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Database Settings ====</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>==== Database Settings ====</div></td></tr>
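Review bot: the added `chkconfig ossec-hids <on|off> (Centos 6, RedHat 6)` at Line 583 does not apply the new value: `chkconfig` only sets whether the service starts at boot, so a CentOS 6 reader who follows "After updating the value, please run:" still needs `service ossec-hids restart` after editing `/var/ossec/etc/ossec.conf`. Two smaller points in the same hunk: the removed sentence `Setting this to 0 will disable digest mode` is replaced by a range of `1` to `9999`, so the text should say plainly that `0` is now out of range and will stop maild like any other invalid value, and `9999.If you` is missing a space. Showing the element with a sample value, e.g. `<email_maxperhour>12</email_maxperhour>`, would be clearer than the empty `<email_maxperhour></email_maxperhour>`.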
</table>Benhttps://wiki.atomicorp.com/wiki/index.php?title=ASL_Configuration&diff=5875&oldid=prevMshinn: /* OSSEC_SHUN_ENABLE_TIMEOUT */2017-07-28T19:40:41Z<p><span dir="auto"><span class="autocomment">OSSEC_SHUN_ENABLE_TIMEOUT</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:40, 28 July 2017</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 634:</td>
<td colspan="2" class="diff-lineno">Line 634:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Enable/Disable expiration of active response firewall blocks. Setting this to yes will expire blocks after a fixed interval defined in OSSEC_SHUN_TIME.  Setting this to no will make all blocks permanent (not recommended).</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Enable/Disable expiration of active response firewall blocks. Setting this to yes will expire blocks after a fixed interval defined in OSSEC_SHUN_TIME.  Setting this to no will make all blocks permanent (not recommended).</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">===== HIDS_IPSET_DROP =====</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">This will configure the system to use the ipset instead of iptables.  This is newer, faster and less memory intensive method of shunning and is highly recommended on systems that support it.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Note:  Virtuzzo and OpenVZ are not known to support ipset.  Enabling this option on those platforms may break shunning and other aspects of the firewall.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===== OSSEC_SHUN_TIME =====</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===== OSSEC_SHUN_TIME =====</div></td></tr>
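Review bot: the new HIDS_IPSET_DROP section at Line 634 does not state the accepted values or the default, which the neighbouring OSSEC_SHUN_ENABLE_TIMEOUT text does (`yes`/`no`), and "may break shunning and other aspects of the firewall" should say what a reader on an unsupported platform will actually see and whether the setting falls back to iptables. Wording: `This is newer, faster and less memory intensive method` needs an article (`This is a newer, faster and less memory-intensive method`), and `Virtuzzo` should be `Virtuozzo`.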
</table>Mshinn